I’ve been working with SAP Support on this for over two months and we have gotten, literally, nowhere.
We’re now on our second new server and completely new installer because an update has come out since we began this process.
The issue is, it seems like half the features are just not there. Both instances, install looked good, able to access CMC. However, we cannot do anything. I go to users, I can create a new user, but I cannot give them any rights or roles. I’ve tried going to Folders and even creating a New Folder, the option doesn’t exist. I click on new, and nothing comes up. SAP Support is stumped and keeps passing me from department to department. The only thing that has stayed the same is the License Keys, but SAP has confirmed that the licenses are correct. I’m at a loss.
The worst part, our old Crystal Server crapped out this past weekend, so now we’re mission critical with no idea of when we’re getting this fixed. I used to be a member on the old bobj board when at my last company, I’m hoping someone here can help.
Disclaimer: I have not experienced this issue, but I do have a couple of suggestions if you haven’t tried them already. Also, I don’t have experience with Crystal Server, but the full BI server installation.
Have you tried running a repair?
Hopefully SAP Support has already suggested this but if not, it is probably worth a try. I’ve had some odd issues with our installations before and this has helped.
Were you able to turn off your virus scan while you did the installation? I’ve seen this cause problems in the past but some companies (like ours now) have this so locked down that disabling it is either impossible or a pain.
Thank you for the response. Unfortunately, Support hasn’t recommended this. I’m trying that now. As far as the virus scan, we built the server and installed Crystal Server before we put it on. So, that shouldn’t be an issue.
My main SAP background is in full bobj, but that was with my last company. My current company, of nine years now, isn’t interested in bobj. However, they have always used Crystal Reports. When I started we went from Toad delivering Crystal Reports, to Crystal Server delivering Crystal Reports to take advantage of the dynamic recipient delivery. That was Crystal Server 2013 and we never had any issues like this. Maintenance ran out and we needed to upgrade anyways, Crystal Server 2020 has been nothing but a headache since we started this process last year. We finally got Support involved in January and they haven’t done anything except for pass me back and forth between departments. I thought it was a fluke, but this is our second install (new system, new installer files) and it’s having the same issues. I’m lost at this point.
I’ve frequently had issues with first level support at SAP - especially since most of it is outsourced. You have the right to aggressively ask them to push it up to the next level if they aren’t able to help you - they will be reluctant to do so, but push it.
For the initial configuration and security setup, I always log in as Administrator - not as a user in the Administrators group.
Are you able to assign users to user groups? Best practice is to assign groups the rights to objects instead of assigning users the rights. Are you able to assign rights to user groups?
Also, be sure to check the top-level security for both Folders and Users and Groups - IIRC, I had to tweak these when I was installing BOBJ 4.3 (same platform as Crystal Server 2020) in order to be able to configure security correctly.
I’m only using the administrator login, for the time being. I started playing with security, from what I can. The first thing that see is that Deleting and Editing is explicitly denied. I’ve checked groups, folders, and users. I’ve removed that explicit designation, but it still isn’t letting me do anything.
Also, at the top of the page there is an error in red, that reads "The argument has an invalid value rules (FWM 02024). I’ve done a quick google search and haven’t found this exact message with similar problem.
Is the service account trusted for delegation? I’ve seen it where the admin account or original install wasn’t done with the correct privileges and it caused trouble after that. The unfortunate thing is that this happens so rarely you’re generally just relieved to get it working and will only do it once, so I never think of documenting the solution for the next time (a decade later!)
Thanks for the reply, and this is something I hadn’t thought about.
Our last install, the SQL server was on the same machine, however, this new install is on a different server than our SQL server. I’m using a SQL account, which connected fine. I’m wondering if the issue is the rights that SQL account has on that SQL Server. I granted it DBOwner rights over the Repository and Auditing DBs, but no other rights. Does it need any access to the system DBs?
No, DBOwner permission should be all it needs. It does not need to access any other database. You can check the repository and audit databases to see if the tables are built after the installation. If the tables are built, you should be good. It’s also good that you have the databases on a separate machine.
The service account running the services on the server is different than the account connection to the SQL server. You want to make sure the actual services running on the server are using a system account that is a local admin. It also needs:
The account must specifically have the “Act as part of operating system” right.
The account must specifically have the “Logon as a service” right.
Full control rights to the folder where BI platform is installed.
Full control rights to “ HKEY_LOCAL_MACHINE\SOFTWARE\SAP BusinessObjects” in the system registry.
Make sure DEP is off.
It sounds more a security issue within the platform itself rather than an install issue. Had an issue once after promoting content from Test to Prod, including security (never again!!), where it wiped out the top level security. Support was able to help, had to run a bunch of command line commands to get everything reset.
You have three possible options when setting specific access rights:
Explicitly Denied - this will always be in effect even if access is granted through something else. Be very careful about using this with the Administrators or Everyone groups as it can have unintended consequences.
Explicitly Granted - user/group has the right unless it’s specifically denied somewhere above in the group or folder hierarchy and inheritance is turned on.
Not Assigned - user/group does not have the right unless it’s specifically granted somewhere in the group or folder hierarchy. This is what you generally want to use when denying access to a right.